Bugtraq mailing list archives
Re: buffer overflow in nslookup?
From: uwe () CSL-GMBH NET (Uwe Ohse)
Date: Mon, 31 Aug 1998 15:08:43 +0200
If your nslookup's main.c includes: sscanf(string, " %s", host); /* removes white space */
you can find the same in dig.c, and a patch for dig, removing that and some other problems, at http://www.nrw.net/uwe/dig-8.1.2.patch Needless to say i told bind-bugs () isc org more then two months ago about the problems in nslookup and dig, and never got a reply. Regards, Uwe
Current thread:
- Re: FreeBSD's RST validation, (continued)
- Re: FreeBSD's RST validation James Snow (Aug 30)
- Re: FreeBSD's RST validation Tristan Horn (Aug 30)
- port scanning. (fwd) Darren Reed (Aug 31)
- Re: FreeBSD's RST validation Andrey Alekseyev (Aug 31)
- Re: FreeBSD's RST validation Diane Bruce (Aug 30)
- Re: FreeBSD's RST validation Oliver Friedrichs (Aug 31)
- SEYON vulnerability in TurboLinux 2.0 Scott Stone (Aug 30)
- Re: buffer overflow in nslookup? www.devoid.net (Aug 30)
- Re: buffer overflow in nslookup? Benjamin J Stassart (Aug 30)
- Re: buffer overflow in nslookup? Theo de Raadt (Aug 31)
- Re: buffer overflow in nslookup? Uwe Ohse (Aug 31)
- Hole in Oracle Server/Developer 2000 - authentication protocol. Yaron Yanay (Aug 31)
- Re: buffer overflow in nslookup? Willy TARREAU (Aug 31)